SCION: PKI Overview Adrian Perrig Network Security Group, ETH Zürich
PKI Concepts: Brief Introduction PKI: Public-Key Infrastructure Purpose of PKI: enable authentication of an entity Various types of entities Autonomous System (AS): ISP, university, corporation Router Service Web site Important terms Certificate: binds entity identifier to a cryptographic key Root of trust: Axiomatically trusted key to start authentication Certification Authority (CA): trusted entity that issues certificates 2
Desired PKI Properties Trust scalability: support heterogenous trust relationships Transparency Possible to enumerate trust roots Accountability of all PKI operations Resilient to trust root compromise Quick recovery from trust root compromise Trust control / agility Entities can select which trust roots they need to rely upon Hosts can select trust roots for verification 3
Overview Control-plane PKI DRKey End-entity PKI Name-resolution PKI 4
Control-Plane PKI Control plane: System to determine and disseminate end-toend paths Inter-domain control plane in current Internet: BGP + ICMP + support protocols Control-plane PKI mainly provides AS certificates to enable AS authentication Main requirement: high availability Needs to work without reliance on availability of communication to PKI servers (to avoid cyclic dependency between routing and PKI operation) 5
Approach for Trust Scalability: Isolation Domains Observation: subset of the Internet can agree on roots of trust form Isolation Domain (ISD) with those particular roots of trust Authenticate entities within each ISD Users & domains can select ISD based on root of trust Also supports modern log-based PKI approaches: CT, ARPKI, Challenge: retain global verifiability 6
Trust Root Configuration () Each SCION ISD defines trust roots in a Trust roots for three PKIs Control-plane PKI: core AS certificates End-entity PKI: root CA and log server certificates Name-resolution PKI: root name server certificate Trust agility: hosts select they want to use for verification s enable efficient updating of trust roots distribution is tied to path exploration and resolution 7
Sample Control-plane PKI roots End-entity PKI root CAs End-entity PKI Logs Name-resolution PKI Cross-signatures 8
Cross Signatures I J T U C A B E K L M V W X Y Z F D G H N Q O P S A D B E C R 9
ISD-to-ISD Verification verification of other ISDs follows core paths Additional cross-signatures are possible (dashed blue arrows) Important property: each core segment provides a verification chain 10
Update New is signed by quorum of trust roots defined in previous K M Also cross-signed by L neighboring ISDs version is announced in PCB, ASes fetch if they do not already have it Result: entire ISD rapidly obtains new with new trust roots N Q O R P S 11
AS Certificates Each AS obtains certificate signed by a core AS Problem: AS certificate revocation check can introduce cyclic dependency between control plane and PKI operation Solution: use short-lived certificates for non-core ASes, valid for up to 3 days Core AS certificate can be revoked through update Any AS can certify any other AS through chain of cross-signed s and by verifying core AS signatures Certificate distribution is tied to path exploration and resolution 12
External ISD AS Certificate Verification I J A C B E K L M V T W U X Y Z F D G H N Q O P S A D B E C Cert E R 13
Desired PKI Properties: SCION CP-PKI Trust scalability: support heterogenous trust relationships Transparency Possible to enumerate trust roots Accountability of all PKI operations Resilient to trust root compromise Quick recovery from trust root compromise Trust control / agility Entities can select which trust roots they need to rely upon Hosts can select trust roots for verification 14
Dynamically Recreatable Key (DRKey) AS certificates (authenticated through s) can be used to bootstrap authentication and secrecy Unfortunately, asymmetric-key cryptography is quite slow and would not work well for the following cases: A router needs to send an authenticated error message to a remote AS An end host needs to encrypt a secret value for each router on a path Goals Enable rapid establishment of a shared secret key between any two entities Routers can derive per-host secret key efficiently without any per-as or per-host state 15
DRKey: Deriving AS-to-AS Symmetric Keys Idea: use a per-as secret value to derive keys through an efficient Pseudo-Random Function (PRF) Example: AS X creates a key for AS Y using X s secret value SVX KX Y = PRFSVx ( Y ) Intel AESni instructions enable PRF computation within 50 cycles. Key computation can be faster than in-memory key lookup! Any entity in AS X knowing secret value SVX can derive KX * Example: router inside AS X can derive KX Y on-the-fly AS Y can fetch KX Y from AS X through a secure channel set up based on AS certificates 16
Overview Control-plane PKI DRKey End-entity PKI Name-resolution PKI 17
Roots of Trust in Current Internet OS / browser CA certificate store: roots of trust of TLS PKI [Oligopoly model] OS / Browser certificate Observation: Browser and OS manufacturer control roots of trust, thus their update keys become most fundamental root of trust [Monopoly model] CA certificates Interesting question: how to become a root CA? Pay ~$50 000 to two major browser vendors to add new root CA certificate, Domain certificates others will follow suit 18
PKI Properties: TLS PKI Trust scalability: support heterogenous trust relationships Transparency Possible to enumerate trust roots Accountability of all PKI operations Resilient to trust root compromise Quick recovery from trust root compromise Trust control / agility Entities can select which trust roots they need to rely upon Hosts can select trust roots for verification 19
Improvement: Certificate Transparency Google has leveraged market leader position to improve security of TLS PKI ecosystem (Chrome browser market share in May 2017: ~60%) Certificate Transparency: public log servers that create public ledger on which certificates are valid If a certificate does not appear on any ledger, it is invalid Google has made CA compliance with CT mandatory by October 2017 20
PKI Properties: Certificate Transparency Trust scalability: support heterogenous trust relationships Transparency Possible to enumerate trust roots Accountability of all PKI operations Resilient to trust root compromise Quick recovery from trust root compromise Trust control / agility Entities can select which trust roots they need to rely upon Hosts can select trust roots for verification 21
Goal: Increase Security of TLS PKI Observation: for man-in-the-middle attack, adversary creates new bogus certificate Basic idea: cross-validate TLS certificate by multiple parties Perspectives [Wendlandt et al. 2008] Network of Notary servers record certificates from multiple vantage points Browser contacts a random subset of notaries CT [Laurie et al. 2012], Sovereign keys [Eckersley 2012] Public ledger containing all valid certificates ARPKI [Basin et al. 2014] PoliCert [Szałachowski et al. 2014] 22
SCION End-Entity PKI: ARPKI + PoliCert Subject certificate policy (SCP): policy that all of a domain s certificates need to adhere to Multi-signature certificate (MSC): domain certificate signed by multiple entities + signed by SCP Observation: Domain s Subject Certificate Policy (SCP) changes infrequently invest more effort to secure it SCP registration: 23
SCION End-Entity PKI: ARPKI + PoliCert contains: Trust roots of CAs and log servers Threshold for number of signatures required for SCP SCP defines domain-specific policy List of trusted CAs Threshold for number of signatures required for MSC Hard fail or soft fail in case MSC parameter violation 24
Security of SCION End-Entity PKI Consider domain D has an SCP and MSC registered in ISD with A Important property: any client that uses A as its root of trust can be assured that at least a threshold number of trusted entities defined in A must be malicious in order to forge an SCP or MSC Therefore, any client that obtains an SCP or MSC defined by a other than A, needs to obtain a proof of absence that there s no SCP in the end-entity PKI defined by A 25
PKI Properties: End-Entity PKI Trust scalability: support heterogenous trust relationships Transparency Possible to enumerate trust roots Accountability of all PKI operations Resilient to trust root compromise Quick recovery from trust root compromise Trust control / agility Entities can select which trust roots they need to rely upon Hosts can select trust roots for verification 26
What about DNSSEC-based PKI? DANE: DNSSEC entry also contains domains certificate Problems All entities on the verification chain need to be trusted system only as secure as the weakest link Kill switch: revocation of a key invalidates all child entries 27
PKI Properties: DANE Trust scalability: support heterogenous trust relationships Transparency Possible to enumerate trust roots Accountability of all PKI operations Resilient to trust root compromise Quick recovery from trust root compromise Trust control / agility Entities can select which trust roots they need to rely upon Hosts can select trust roots for verification 28
SCION Name-Resolution PKI Double verification path: All delegations in name resolution process are signed, each step is verified Domain entry is also signed by SCP Advantages Name-resolution PKI used for availability SCP used for high security 29
PKI Properties: Name-Resolution PKI Trust scalability: support heterogenous trust relationships Transparency Possible to enumerate trust roots Accountability of all PKI operations Resilient to trust root compromise Quick recovery from trust root compromise Trust control / agility Entities can select which trust roots they need to rely upon Hosts can select trust roots for verification 30
Summary SCION integrates three innovative PKI systems Control-plane PKI High availability with simple operation provides trust root transparency, control, and easy updatability DRKey provides highly efficient and scalable symmetric key derivation End-entity PKI High security: requiring several trusted entities to collude to create bogus certificate First PKI where domain can limit the set of trust roots for the certification of its certificate Name-resolution PKI DNSSEC-style PKI only used for availability End-entity PKI used for high security 31
For More Information please see our web page: www.scion-architecture.net Chapter 4 of our book SCION: A secure Internet Architecture Available from Springer this Summer 2017 PDF available on our web site Following presentations Control-plane PKI DRKey End-entity PKI Name-resolution PKI ISD coordination 32